CVE-2015-8980 — Improper Input Validation in Project Php-gettext

CWE-20 — Improper Input Validation9 documents6 sources

Severity

9.8CRITICALNVD

EPSS

4.6%

top 10.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Php-gettext Project Php-gettext Phpmyadmin Debian Php-gettext +4 more

Timeline

PublishedNov 4

Latest updateMay 24

Description

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages7 packages

▶debiandebian/php-gettext< php-gettext 1.0.12-0.1 (bookworm)

▶NVDphp-gettext_project/php-gettext< 1.0.12

▶Debianphp-gettext_project/php-gettext< 1.0.12-0.1+1

▶CVEListV5php-gettext_project/php-gettextbefore 1.0.12

▶debiandebian/phpmyadmin< php-gettext 1.0.12-0.1 (bookworm)

Also affects: Fedora 24, Enterprise Linux 5.0

🔴Vulnerability Details

GHSA

GHSA-gxcv-w2wp-7xvm: The plural form formula in ngettext family of calls in php-gettext before 1↗2022-05-24

▶

OSV

CVE-2015-8980: The plural form formula in ngettext family of calls in php-gettext before 1↗2019-11-04

▶

📋Vendor Advisories

Ubuntu

Gettext vulnerability↗2021-03-15

▶

Debian

CVE-2015-8980: php-gettext - The plural form formula in ngettext family of calls in php-gettext before 1.0.12...↗2015

▶

💬Community

Bugzilla

CVE-2015-8980 php-php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter [fedora-all]↗2016-08-16

▶

Bugzilla

CVE-2015-8980 php-php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter↗2016-08-16

▶

Bugzilla

CVE-2015-8980 php53-php-gettext: php-php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter [epel-5]↗2016-08-16

▶

Bugzilla

CVE-2015-8980 php-php-gettext: Arbitrary code execution in select_string, ngettext and npgettext count parameter [epel-all]↗2016-08-16

▶